| VID |
23124 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The DameWare Mini Remote Control software, according to its version number, has a privilege escalation vulnerability. DameWare Mini Remote Control is a lightweight remote control program primarily intended for use by administrators. DameWare Mini Remote Control versions prior to 4.9 could allow a remote attacker to obtain elevated privileges. An authenticated attacker with non-Administrator privileges could exploit this flaw to elevate their privileges on a remote machine.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.dameware.com/support/security/bulletin.asp?ID=SB5
http://www.shellsec.net/leer_advisory.php?id=7
http://secunia.com/advisories/14829/
http://www.securitytracker.com/alerts/2005/Apr/1013653.html
* Platforms Affected:
DameWare Development LLC, DameWare Mini Remote Control versions prior to 4.9
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of DameWare Mini Remote Control (4.9 or later) available from the DameWare Products Development Web site at http://www.dameware.com/downloads |
| Related URL |
CVE-2005-1088 (CVE) |
| Related URL |
13023 (SecurityFocus) |
| Related URL |
19997 (ISS) |
|
